From 3c85f049389dec3b0ee6406f0be2cfaf0089f1fe Mon Sep 17 00:00:00 2001 From: Kitsune Ral Date: Fri, 11 Sep 2020 06:50:45 +0200 Subject: More stringent serverpart checks in user ids May lead to new crashes due to nullptr returned from Connection::user() on more utterly invalid content from the wire that the library still doesn't properly invalidate. This has long been quite a good case for exceptions, or another error-handling framework: Connection::user() can return nullptr either when out of memory or when the id is invalid or empty, and other places are likely to treat invalid ids in different ways but probably just hope that memory exhaustion "never happens", or try to handle it in a quite different way than an empty or invalid id. Something to think of in 0.7. --- lib/connection.cpp | 2 +- lib/util.cpp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/connection.cpp b/lib/connection.cpp index d32c7472..b6a3198d 100644 --- a/lib/connection.cpp +++ b/lib/connection.cpp @@ -1150,7 +1150,7 @@ User* Connection::user(const QString& uId) { if (uId.isEmpty()) return nullptr; - if (!uId.startsWith('@') || !uId.contains(':')) { + if (!uId.startsWith('@') || serverPart(uId).isEmpty()) { qCCritical(MAIN) << "Malformed userId:" << uId; return nullptr; } diff --git a/lib/util.cpp b/lib/util.cpp index 797f6d69..023645c1 100644 --- a/lib/util.cpp +++ b/lib/util.cpp @@ -116,13 +116,13 @@ qreal Quotient::stringToHueF(const QString& s) } static const auto ServerPartRegEx = QStringLiteral( - "(\\[[^]]+\\]|[^:@]+)" // Either IPv6 address or hostname/IPv4 address + "(\\[[^][:blank:]]+\\]|[-[:alnum:].]+)" // Either IPv6 address or hostname/IPv4 address "(?::(\\d{1,5}))?" // Optional port ); QString Quotient::serverPart(const QString& mxId) { - static QString re = "^[@!#$+].+?:(" // Localpart and colon + static QString re = "^[@!#$+].*?:(" // Localpart and colon % ServerPartRegEx % ")$"; static QRegularExpression parser( re, -- cgit v1.2.3